Unified OAUTH2 /callback URIs
Azure App permissions: streamlined and easy to set up ... with greetings from a POC (proof of concept)
Audience
Process Developers, Operators
Value
- One single OAUTH2 callback URI for all apps in a common security-system:
- Fewer technical details in these URIs: neither the application-name for BPM Rest-Client callbacks nor the identity-provider-name for security-system authentications is visible in the URI anymore
- Extendable ivy-core infrastructure that allows us to quickly implement further OAuth2 scenarios.
Version
Migration
The new callback URI must be registered with your Identity-Provider once you upgrade to 10.0.3 or newer. This affects you if you use AzureAD as security-system IDP or if you have products installed that use a third-party IDP, such as the MS-Graph or DocuSign connector.
Azure / MS-Graph
For the users of the ms-graph connectors or security-system with Azure as IDP, the callback URI on the Azure App Portal must be adjusted:
- remove entries following the schema:
https://{host}/{app}/auth/callback
and
https://{host}/{security}-workflow/{idp-name}/oauth2/callback
- add a new entry:
https://{host}/oauth2/callback
If you are using MS-Graph products from the Market, update them to version 10.0.3 in your workflow-app.
DocuSign
In the case of DocuSign, please also update your redirect URIs in the DocuSign Admin Portal:
- remove entries following the schema:
https://{host}/{app}/auth/callback
- add a new entry:
https://{host}/oauth2/callback
Update DocuSign products from the Market to version 10.0.3 in your workflow-app.
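To check an exported list of redirect URIs from the Azure or DocuSign app registration against the schemas above, the following added example (not part of the original page or the product) sorts each entry into legacy, unified or unrelated and derives what to remove and add. The host `ivy.example.com` and the app, security-system and IDP names in the sample list are constructed values.

```python
from urllib.parse import urlsplit

HOST = "ivy.example.com"  # constructed engine host, replace with your own

# Constructed sample of redirect URIs as they might be registered at the IDP.
SAMPLE = [
    "https://ivy.example.com/demo-app/auth/callback",
    "https://ivy.example.com/default-workflow/azure/oauth2/callback",
    "https://other.example.com/demo-app/auth/callback",
    "https://ivy.example.com/oauth2/callback/",
]


def classify(uri: str, host: str) -> str:
    """Return 'unified', 'legacy' or 'other' for one registered redirect URI."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or parts.netloc.lower() != host.lower():
        return "other"  # entry belongs to another host; leave it untouched
    if parts.path == "/oauth2/callback":  # exact path only
        return "unified"
    segs = parts.path.strip("/").split("/")
    # Legacy REST-client schema: /{app}/auth/callback
    if len(segs) == 3 and segs[1:] == ["auth", "callback"]:
        return "legacy"
    # Legacy security-system schema: /{security}-workflow/{idp-name}/oauth2/callback
    if (len(segs) == 4 and segs[0].endswith("-workflow")
            and segs[2:] == ["oauth2", "callback"]):
        return "legacy"
    return "other"


def migration_plan(registered, host):
    """List legacy entries to remove and the unified entry to add if missing."""
    remove = [u for u in registered if classify(u, host) == "legacy"]
    has_unified = any(classify(u, host) == "unified" for u in registered)
    add = [] if has_unified else [f"https://{host}/oauth2/callback"]
    return {"remove": remove, "add": add}


if __name__ == "__main__":
    plan = migration_plan(SAMPLE, HOST)
    for uri in plan["remove"]:
        print("remove:", uri)
    for uri in plan["add"]:
        print("add:   ", uri)
```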
Next steps
- Roll out Azure IDP Logins to Engine-Cockpit and REST backend services.
- Simplify and streamline OAUTH2 round-trip in IFRAMEd Dialogs
Screenshots / Code
https://dev.axonivy.com/doc/nightly-10.0/engine-guide/integration/identity-provider/azure-ad/new-azure-app.html#azure-ad-app